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1 Protection and the control of information sharing in multics 
Jerome H. Saltzer 

July 1974 Communications of the ACM, Volume 17 issue 7 

Additional Information: full citation , abstract , references , citings , index 
terms 



Full text available: 



The design of mechanisms to control the sharing of information in the Multics system is 
described. Five design principles help provide insight into the tradeoffs among different 
possible designs. The key mechanisms described include access control lists, hierarchical 
control of access specifications, identification and authentication of users, and primary 
memory protection. The paper ends with a discussion of several known weaknesses in the 
current protection mechanism design. 

Keywords: Multics, access control, authentication, computer utilities, descriptors, privacy, 
proprietary programs, protected subsystems, protection, security, time-sharing systems, 
virtual memory 



2 Im proving the granularity of access control in Windows NT 

Michael M. Swift, Peter Brundrett, Cliff Van Dyke, Praerit Garg, Anne Hopkins, Shannon Chan, 
Mario Goertzel, Gregory Jensenworth 

May 2001 Proceedings of the sixth ACM symposium on Access control models and 
technologies 

Full text available: « odf(259.87 KB) Additiona! lnformation: fa» citation , &SbasA< rejeiences, citings, index 
^ terms 

This paper presents the access control mechanisms in Windows 2000 that enable fine- 
grained protection and centralized management. These mechanisms were added during the 
transition from Windows NT 4.0 to support the Active Directory, a new feature in Windows 
2000. We first extended entries in access control lists to allow rights to apply to just a 
portion of an object. The second extension allows centralized management of object 
hierarchies by specifying more precisely how access control lis ... 

Keywords: Windows 2000, access control lists 
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H. M. Gladney 

April 1997 ACM Transactions on Information Systems (TOIS), volume 15 issue 2 




Efforts to place vast information resources at the fingertips of each individual in large user 
populations must be balanced by commensurate attention to information protection. For 
distributed systems with less-structured tasks, more-diversified information, and a 
heterogeneous user set, the computing system must administer enterprise-chosen access 
control policies. One kind of resource is a digital library that emulates massive collections of 
paper and other physical media for clerical, en ... 

Keywords: access control, digital library, document, electronic library, information security 



4 Comparing simple role based access control models and access control lists Q 
John Barkley 

November 1997 Proceedings of the second ACM workshop on Role-based access control 

Full text available: pdf ( 741.18 KB) Additional Information: full citation , references , citings , index terms 



5 The YGuard access control model: set-based access control 
Ty van den Akker, Quinn O. Snell, Mark J. Clement 

May 2001 Proceedings of the sixth ACM symposium on Access control models and 
technologies 

Full text available: ^pdf(275.75 KB) Additional Information: full citation , abstract , references , index terms 

As Internet usage proliferates, resource security becomes both more important and more 
complex. Contemporary users and systems are ill-equipped to deal with the complex 
security demands of a ubiquitous, insecure network. The YGuard Access Control Model, 
developed at Brigham Young University, employs set-based access control lists, XML, and a 
modular architecture to provide users with an intuitive, extensible, and efficient method of 
controlling access to system resources. The implementat ... 

Keywords: XML, XSet, XWeb, YGuard, access control list, access control model, set 



6 Cr y ptogra phic sealing for information secrecy and authentication Q 
David K. Gifford 

April 1982 Communications of the ACM, volume 25 issue 4 



A new protection mechanism is described that provides general primitives for protection 
and authentication. The mechanism is based on the idea of sealing an object with a key. 
Sealed objects are self-authenticating, and in the absence of an appropriate set of keys, 
only provide information about the size of their contents. New keys can be freely created at 
any time, and keys can also be derived from existing keys with operators that include Key- 
And and Key-Or 

Keywords: conentional crypto-systems, cryptographic sealing, key, seal, secrecy, unseal 
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November 1996 Proceedings of the 1996 ACM conference on Computer supported 
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8 A taxonomy for secure object-oriented databases 
Martin S. Olivier, Sebastiaan H. von Solms 

March 1994 ACM Transactions on Database Systems (TODS), volume 19 issue l 

Full text available: fiQpdf(3.Q5 MB) Additional Information: full citation , abstract , references , citings , index 
^ terms , review 

This paper proposes a taxonomy for secure object-oriented databases in order to clarify the 
issues in modeling and implementing such databases. It also indicates some implications of 
the various choices one may make when designing such a database. Most secure database 
models have been designed for relational databases. The object-oriented database model is 
more complex than the relational model. For these reasons, models for secure object- 
oriented databases are more complex than ... 

Keywords: formal security models, information security, multilevel secure databases, 
object-orientation 



9 Role-based access control and the access control matrix 
G. Saunders, M. Hitchens, V. Varadharajan 

October 2001 ACM SIGOPS Operating Systems Review, volume 35 issue 4 

Full text available: ^ pdf(888.27 KB) Additional Information: full citation , abstract , references , index terms 

The Access Matrix is a useful model for understanding the behaviour and properties of 
access control systems. While the matrix is rarely implemented, access control in real 
systems is usually based on access control mechanisms, such as access control lists or 
capabilities, that have clear relationships with the matrix model. In recent times a great 
deal of interest has been shown in Role Based Access Control (RBAC) models. However, the 
relationship between RBAC models and the Access Matrix is no ... 

10 Grapevine: an exercise in distributed computing 

Andrew D. Birrell, Roy Levin, Michael D. Schroeder, Roger M. Need ham 
April 1982 Communications of the ACM, Volume 25 Issue 4 

Full text available* gl pdfn.71 MB) Additional Information: full citation , abstract , references , citings, index 
' ^ terms 

Grapevine is a multicomputer system on the Xerox research internet. It provides facilities 
for the delivery of digital messages such as computer mail; for naming people, machines, 
and services; for authenticating people and machines; and for locating services on the 
internet. This paper has two goals: to describe the system itself and to serve as a case 
study of a real application of distributed computing. Part I describes the set of services 
provided by Grapevine and how its data and funct ... 

11 Adaptable object migration: concept and implementation 
Wolfgang Lux 

April 1995 ACM SIGOPS Operating Systems Review, volume 29 issue 2 

Full text available: ^)pdf(991.24 KB) Additional Information: full citation , abstract , citings , index terms 
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Migration is one example of the insufficiently used potentials of distributed systems. 
Although migration can enhance the efficiency and the reliability of distributed systems, it is 
still rarely used. Two limitations contained in nearly all existing migration implementations 
prevent a widespread usage: migration is restricted to processes and the migration 
mechanism, i.e. the way state is transferred, is not adaptable to changing requirements. In 
our approach, migration is an operation provided ... 

12 The Multics kernel design project 

Michael D. Schroeder, David D. Clark, Jerome H. Saltzer 

November 1977 Proceedings of the sixth ACM symposium on Operating systems 



We describe a plan to create an auditable version of Multics. The engineering experiments 
of that plan are now complete. Type extension as a design discipline has been 
demonstrated feasible, even for the internal workings of an operating system, where many 
subtle intermodule dependencies were discovered and controlled. Insight was gained into 
several tradeoffs between kernel complexity and user semantics. The performance and size 
effects of this work are encouraging. We conclude that verifi ... 

Keywords: Multics, Operating systems, Protection, Security, Security kernel, Supervisors, 
Type extension, Verifiable systems 



13 Cryptographic sealing for information secrecy and authentication Q 
David K. Gifford 

December 1981 Proceedings of the eighth ACM symposium on Operating systems 
principles 

Full text available: ^ pdf(1 78.45 KB) Additional Information: full citation , abstract , index terms 

The problem of computer security can be considered to consist of four distinct components: 
secrecy (ensuring that information is only disclosed to authorized users), authentication 
(ensuring that information is not forged), integrity (ensuring that information is not 
destroyed), and availability (ensuring that access to information can not be maliciously 
interrupted). The paper describes a new protection mechanis ... 

14 Third Generation Computer Systems Q 
Peter J. Denning 

December 1971 ACM Computing Surveys (CSUR), Volume 3 issue 4 

p ii tovt a a iahio- « nHw* mr\ Additional Information: full citation , abstract , references , citings , index 



The common features of third generation operating systems are surveyed from a general 
view, with emphasis on the common abstractions that constitute at least the basis for a 
"theory" of operating systems. Properties of specific systems are not discussed except 
where examples are useful. The technical aspects of issues and concepts are stressed, the 
nontechnical aspects mentioned only briefly. A perfunctory knowledge of third generation 
- systems is presumed. 
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Michael D. Schroeder, Andrew D. Birrell, Roger M. Needham 

February 1984 ACM Transactions on Computer Systems (TOCS), Volume 2 issue l 
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16 The architecture and implementation of a distributed hypermedia storage system 
Douglas E. Shackelford, John B. Smith, F. Donelson Smith 
December 1993 Proceedings of the fifth ACM conference on Hypertext 

Full text available: ^ pdfd.01 MB) Additional Information: full citation , references , citings , index terms 



Keywords: computer-supported cooperative work (CSCW), distributed data, distributed file 
systems, hypertext, performance, scalability 



17 CACL: efficient fine-grained protection for objects 
Joel Richardson, Peter Schwarz, Luis-Felipe Cabrera 

October 1992 ACM SIGPLAN Notices , conference proceedi ngs on Object-oriented 
programming systems, languages, and applications, Volume 27 issue 10 
Full text available: ^ pdf(1.61 MB) Additional Information: full citation , references , citings , index terms 



18 Object-oriented technology: Developing an object-oriented view management system 
Harumi A. Kuno, Elke A. Rundensteiner 

October 1993 Proceedings of the 1993 conference of the Centre for Adva need Studies 
on Collaborative research: software engineering - Volume 1 

Full text available: ^g| pdf(1.24 MB) Additional Information: full citation , abstract , references 

This paper discusses our experiences regarding the design and implementation of the Multi 
View system - a framework for the specification, creation, and management of updatable 
views in object-oriented databases (OODBs) - using commercially available OODB 
technology. Multi View, which simplifies view schema design and maintenance by breaking 
view specification into the tasks of class derivation, global schema integration, view class 
selection, and view hierarchy generation, has bee ... 

Keywords: data independence, meta schema, object - oriented databases, schema 
integration, view definition 



19 CORDS: From grapevine to trader: the evolution of distributed directory technology 
Roger Y. M. Cheung 

November 1992 Proceedings of the 1992 conference of the Centre for Advanced Studies 
on Collaborative research - Volume 2 

Full text available: ^| pdf(657.25 KB) Additional Information: full citation , abstract , references 

Distributed directory is an essential component in a distributed processing environment that 
involves multiple systems connected via a LAN (local area network) and WAN (wide area 
network). This paper reviews the evolution of distributed directory technology from simple 
name-to-address mapping to sophisticated import request-to-export service mapping by 
examining four different kinds of directory systems: Grapevine, Global name service, ISO 
Directory, and Trader. The characteristics of these dire ... 

20 UNIX security in a supercomputing environment 
M. Bishop 

August 1989 Proceedings of the 1989 ACM/IEEE conference on Supercomputing 

Full text available: ^ pdf(860.50 KB) Additional Information: full citation , abstract , references , index terms 
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The UNIX@@@@ operating system is designed for collaborative work and not for security. 
Vendors have modified this operating system (in some cases, radically) to provide levels of 
security acceptable to their customers, but the versions used in supercomputing 
environments would benefit from enhancements present in so-called secure versions. This 
paper discusses the need for security in a supercomputing environment and suggests 
modifications to the UNIX operating system that would decrease th ... 
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